Using a fine-grained address space layout randomization to mitigate potential security exploits

US 10,311,228 B2
Filed: 09/30/2014
Issued: 06/04/2019
Est. Priority Date: 09/30/2014
Status: Active Grant

First Claim

Patent Images

1. A non-transitory machine-readable medium storing instructions which, when executed by one or more processors of a device, cause the device to perform operations comprising:

selecting a region in a first address space in memory of the device, the region storing instructions for execution by one or more processors of the device;

dividing the region into multiple clumps of memory, each clump including a plurality of memory pages including at least a start memory page and an end memory page;

mapping each clump from an address in the first address space to a random address in a second address space by referencing a shuffled clump map;

determining whether the end memory page of the each clump includes instruction codes for execution;

if the end memory page includes instruction codes, additionally mapping a start memory page of a subsequent clump to an address contiguous with the end memory page of the each clump;

loading the each clump into the random address in the second address space of the device for a shuffled virtual memory address space corresponding to the shuffled clump map; and

identifying the region storing the instructions for execution based on the shuffled clump map.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processing system can use a method of fine-grained address space layout randomization to mitigate the system'"'"'s vulnerability to return oriented programming security exploits. The randomization can occur at the sub-segment level by randomizing clumps of virtual memory pages. The randomized virtual memory can be presented to processes executing on the system. The mapping between memory spaces can be obfuscated using several obfuscation techniques to prevent the reverse engineering of the shuffled virtual memory mapping.

Citations

19 Claims

1. A non-transitory machine-readable medium storing instructions which, when executed by one or more processors of a device, cause the device to perform operations comprising:
- selecting a region in a first address space in memory of the device, the region storing instructions for execution by one or more processors of the device;
  
  dividing the region into multiple clumps of memory, each clump including a plurality of memory pages including at least a start memory page and an end memory page;
  
  mapping each clump from an address in the first address space to a random address in a second address space by referencing a shuffled clump map;
  
  determining whether the end memory page of the each clump includes instruction codes for execution;
  
  if the end memory page includes instruction codes, additionally mapping a start memory page of a subsequent clump to an address contiguous with the end memory page of the each clump;
  
  loading the each clump into the random address in the second address space of the device for a shuffled virtual memory address space corresponding to the shuffled clump map; and
  
  identifying the region storing the instructions for execution based on the shuffled clump map.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The medium of claim 1 wherein the first address space is a 64-bit linear virtual memory address space, the instructions for execution include one or more functions, and a compiler provides location and boundary information about the one or more functions in the linear virtual memory address space.
  - 3. The medium of claim 1 wherein the region includes a binary load address, a library load address, a dynamic library cache, or a shared object cache.
  - 4. The medium of claim 3 wherein the instructions stored in the region include instructions for one or more shared library functions.
  - 5. The medium of claim 1 wherein dividing the region into multiple clumps of memory comprises determining, within a page of the memory, an offset to split the page.
  - 6. The medium of claim 5 wherein the offset to split the page is used at least in part to determine a start address of a function within a clump.
  - 7. The medium of claim 1 wherein the second address space is a process memory space.
  - 8. The medium of claim 1 wherein mapping each clump to the random address includes mapping a first clump to a first random virtual address and mapping a second clump to a second random virtual address.
  - 9. The medium of claim 8 wherein the first clump includes a first function, the second clump includes a third function, a second function spans the first clump and the second clump, and each clump includes three or more pages.

10. A data processing system comprising:
- one or more processors coupled to a memory device;
  
  a loader to cause the one or more processors to load a segment of a binary into the memory;
  
  a first memory manager to map a first virtual memory address to a first physical address in memory, the first physical address in a region of the memory including the segment and the first virtual memory address associated with a memory clump including a plurality of virtual memory pages including a start virtual memory page and an end virtual memory page, wherein if an end virtual memory page of the memory clump includes instruction codes for execution then the memory clump also includes a start virtual memory page of a subsequent memory clump;
  
  a second memory manager to randomly map a second virtual memory address to the first virtual memory address, wherein the second virtual memory address is an address of a shuffled virtual memory address space corresponding to a shuffled clump map, wherein the region of the memory including the segment is identified by mapping the region of the memory from an address in the first virtual memory address to a random address in the second virtual address space by referencing the shuffled clump map; and
  
  a memory view process to present a view of the segment to a user process, wherein the view includes the second virtual memory address.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The system as in claim 10 wherein the second memory manager is further to divide the region into multiple clumps, each clump including at least a start page and an end page, and to map the start page of a second clump to a virtual memory address successive to and contiguous with the end page of a first clump, wherein the end page of the first clump includes a start address of a second function and the start page of the second clump includes a remainder of the second function.
  - 12. The system as in claim 10 wherein the first virtual memory address is in a 64-bit linear virtual memory address space and a compiler provides location and boundary information about one or more objects in the linear virtual memory address space.
  - 13. The system as in claim 10 wherein the binary is a dynamic library or a shared object.
  - 14. The system as in claim 13 wherein the binary is part of a shared library cache.

15. An electronic device comprising:
- one or more processors coupled to a bus;
  
  a memory device, coupled to the bus, to store first instructions for execution by the one or more processors, wherein the first instructions, when executed, cause the one or more processors to perform operations to;
  
  select a region in a first address space in memory of the device, the region to store second instructions for execution by one or more processors of the device;
  
  divide the region into multiple clumps of memory, each clump including a plurality of memory pages including at least a start memory page and an end memory page;
  
  map each clump from an address in the first address space to a random address in a second address space by referencing a shuffled clump map;
  
  determining whether the end memory page of the each clump includes instruction codes for execution;
  
  if the end memory page includes instruction codes, additionally mapping a start memory page of a subsequent clump to an address contiguous with the end memory page of the each clump;
  
  loading the each clump into the random address in the second address space of the device for a shuffled virtual memory address space corresponding to the shuffled clump map; and
  
  identifying the region storing the second instructions for execution based on the shuffled clump map.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The electronic device of claim 15 wherein the first address space is a 64-bit linear virtual memory address space, the second instructions for execution include one or more functions, a compiler provides location and boundary information about the one or more functions in the linear virtual memory address space, and the second address space is a process memory space.
  - 17. The electronic device of claim 15 wherein the region includes a binary load address, a library load address, a dynamic library cache, or a shared object cache and wherein the second instructions stored in the region include instructions for one or more shared library functions.
  - 18. The electronic device of claim 15 wherein to divide the region into multiple clumps of memory includes to determine within a page of the memory an offset to split the page, wherein the offset to split the page is used at least in part to determine a start address of a function within a clump.
  - 19. The electronic device of claim 15 wherein to map each clump to the random address includes to:
    - map a first clump to a first random virtual address; and
      
      map a second clump to a second random virtual address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Vidrine, Jacques A., Allegra, Nicholas C., Cooper, Simon P., Hughes, Gregory D.
Primary Examiner(s)
Wright, Bryan F

Application Number

US14/503,212
Publication Number

US 20160092675A1
Time in Patent Office

1,708 Days
Field of Search

726 22
US Class Current
CPC Class Codes

G06F 12/0284   Multiple user address space...

G06F 21/52   during program execution, e...

G06F 2221/033   Test or assess software

Using a fine-grained address space layout randomization to mitigate potential security exploits

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Using a fine-grained address space layout randomization to mitigate potential security exploits

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links